Hardcoded Password Vulnerability in CENTUM by Yokogawa
CVE-2025-7741

2.1 LOW

Key Information:

Status
Vendor
CVE Published: 30 March 2026

What is CVE-2025-7741?

A hardcoded password vulnerability has been identified in Yokogawa's CENTUM systems, where a default password for the PROG user account allows potential unauthorized access under certain conditions. This vulnerability applies specifically when products are configured in CTM authentication mode and when an attacker can obtain the hardcoded password before exploiting the vulnerability. Furthermore, malicious users must have direct access to the Human Interface Screen (HIS) controls to leverage this vulnerability. While the default permissions restrict critical operations, changes to user permissions could escalate risks significantly.

Affected Version(s)

CENTUM VP R5.01.00

CENTUM VP R6.01.00

CENTUM VP R7.01.00

CVSS V4

Score: 2.1
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
